Communication network system having secret concealment function, and communication method

ABSTRACT

The present invention provides a communication network system having a central management device and a plurality of local area network systems. Each of the plurality of local area network systems has a router and a terminal. The central management device encrypts a common key by using each public key of each router, and sends the encrypted common key to each router. The router decrypts the encrypted common key sent from the central management device by using a secret key of the router. The router encrypts communication data to be sent from a terminal in the router's local area network system to a terminal in another local area network system, or to be sent from the router to the central management device, by using the common key, and sends the encrypted communication data to the other local area network or to the central management device.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates generally to a communication network system having a function to secretly conceal communication data, and to a communication method. More particularly, the invention relates to a communication network system that secretly conceals the data to be communicated between a plurality of local area networks that are mutually connected, and to a communication method.

[0003] Moreover, the present invention relates to a router having a function to secretly conceal communication data. In addition, the invention relates to a central management device that centrally manages the information required for secret concealment of communication data.

[0004] 2. Description of the Related Arts

[0005] An increasing number of corporations are building a local area network (LAN) or intranet by routing a communication cable, such as an Ethernet cable (for instance, 10BASE-T), within a single structure (a building, factory, etc.) and connecting the terminals (clients) or servers within the structure to that cable.

[0006] Also, even within a single corporation, if its head office, branch offices, factories and the like are located in different structures at different places, the corporation builds an intra-company network by mutually connecting the local area networks built in each structure with another communication line. As the communication line that mutually connects the individual local area networks, a leased line supplied by a communication service company (for instance, part of the public network supplied by that company) is generally used.

[0007] Unlike an open, public network such as the Internet, such an intra-company network may be called a private network, since it is the corporation's own network.

[0008] On such a private network, information that is confidential to outsiders, in short, confidential outside the company (for instance, secret information, intra-office information, etc.), may be communicated. Needless to say, such secret information should not be read, copied or tampered with by any outsider.

[0009] However, since the leased line that makes up part of the private network connects one structure to another, it is laid outside the structures. Therefore, the leased-line portion allows outsiders (for instance, an unauthorized third party) to tap or alter secret information more easily than the portion of the local area network laid inside a structure.

[0010] Because of this, in order to protect secret information from such tapping or alteration, a variety of encryption technologies have been developed and supplied to private networks.

[0011] However, the conventional encryption function is integrated into software such as a mailer or a browser installed on the terminal (client) of a private network, and whether information is encrypted or not is entrusted to the awareness of the user. Therefore, in practice, information is not encrypted unless each user has a high awareness of the need for secret concealment of information.

[0012] In addition, the degree of importance of information, especially whether the information is subject to secret concealment or not, differs from user to user. For instance, even if the receiver or a third party would consider the information subject to secret concealment, if the sender is not aware of the necessity of secret concealment, the information will be sent without being encrypted.

[0013] Moreover, most users tend to regard the private network as a closed network within the corporation, despite the private network having a portion that uses a communication line installed outside the structure (for instance, the leased line). Because of this, most users are not fully aware of the risk of tapping or alteration by a third party.

[0014] Against the background described above, there is an increasing need to systematically support the encryption of information on a private network, rather than entrusting the task to individual users.

[0015] Also, it is troublesome for each user to manage encryption and decryption keys. For instance, in a public key encryption system (method), the sender is required to manage a different public key for every destination (receiver). Moreover, when the system is extended, such as when a new terminal, server or local area network is added to the network, the sender is additionally required to manage new public keys for the newly installed terminals and so on. The sender is thus burdened with complex management of public keys.

SUMMARY OF THE INVENTION

[0016] The present invention was conceived in light of the background described above, and its object is to secretly conceal communication data communicated between local area networks on a communication network system in which a plurality of local area network systems are mutually connected.

[0017] It is another object of the present invention to achieve centralized management of the information required for secret concealment of communication data.

[0018] A communication network system according to a first aspect of the present invention is a communication network system having a central management device and a plurality of local area network systems, said central management device and said plurality of local area network systems being connected to each other, each of the plurality of local area network systems having a router and a terminal which are connected to each other via a local area network, said central management device comprising: a management database for storing at least one common key, each public key assigned to each router and a public key assigned to the central management device; and a central-side encryption unit for encrypting the common key by using each public key assigned to each router, and sending the encrypted common key to each router; said router comprising: a first router-side decryption unit for decrypting the encrypted common key sent from said central-side encryption unit by using a secret key of the router; a storage unit for storing the common key after decryption by said first router-side decryption unit; and a router-side encryption unit for encrypting communication data to be sent from a first source terminal in a local area network system of the router to a first destination terminal in another local area network system, or communication data to be sent from the router to the central management device, by using the common key stored in said storage unit, and sending the encrypted communication data to the other local area network or to the central management device.

[0019] A communication method according to a first aspect of the present invention is a communication method in a communication network system having a central management device and a plurality of local area network systems, said central management device and said plurality of local area network systems being connected to each other, each of the plurality of local area network systems having a router and a terminal which are connected to each other via a local area network, comprising the steps of: in said central management device, encrypting at least one common key stored in a management database in advance by using each public key assigned to each router, each public key being stored in said management database in advance, and sending the encrypted common key to each router; and in said router, decrypting the encrypted common key sent from the central management device by using a secret key of the router, encrypting communication data to be sent from a source terminal in a local area network system of the router to a destination terminal in another local area network system, or communication data to be sent from the router to the central management device, by using the common key, and sending the encrypted communication data to the other local area network or to the central management device.

[0020] According to the first aspect of the present invention, the communication data communicated between local area networks is encrypted by the router. Accordingly, the data communicated from one local area network system to another can be secretly concealed even if the user of a terminal in a local area network system is not aware of the need to conceal (encrypt) the data. By this function, the data is secretly concealed on the communication line connecting the local area network systems, thereby preventing tapping, copying and alteration by a third party on that line.

[0021] Moreover, once the common key used for encryption is stored in the management database of the central management device, it is sent to each router so that each router can use it. Accordingly, the central management device can centrally manage the common key.

[0022] Preferably, said router further comprises a second router-side decryption unit for decrypting data sent from a second source terminal in another local area network system to a second destination terminal in the local area network system of the router, and sending the decrypted data to said second destination terminal.

[0023] Here, the second source terminal and the first destination terminal may be the same terminal or different terminals. Further, the second destination terminal and the first source terminal may be the same terminal or different terminals.

[0024] A router according to a second aspect of the present invention is a router disposed in each of a plurality of local area network systems which are connected to a central management device, the router being connected via a local area network to a terminal disposed in each of the plurality of local area network systems, the router comprising: a decryption unit for decrypting an encrypted common key sent from said central management device by using a secret key of said router, said common key being encrypted by using a public key of the router; a storage unit for storing said common key after decryption by said decryption unit; and an encryption unit for encrypting communication data to be sent from a source terminal in a local area network system of said router to a destination terminal in another local area network system, or communication data to be sent from said router to the central management device, by using the common key stored in said storage unit, and sending the encrypted communication data to the other local area network or to the central management device.

[0025] A communication method according to a second aspect of the present invention is a communication method of a router in each of a plurality of local area network systems which are connected to a central management device, said router being connected to a terminal via a local area network, comprising the steps of: decrypting an encrypted common key sent from said central management device by using a secret key of said router, said common key being encrypted by using a public key of said router; storing the common key after decryption in a storage unit in the router; encrypting communication data to be sent from a source terminal in a local area network system of the router to a destination terminal in another local area network system, or communication data to be sent from the router to the central management device, by using the common key stored in the storage unit; and sending the encrypted communication data to the other local area network or to the central management device.

[0026] A program product according to a second aspect of the present invention is a program product executed by a router disposed in each of a plurality of local area network systems which are connected to a central management device, the router being connected via a local area network to a terminal disposed in each of the plurality of local area network systems, said program product comprising the steps of: decrypting an encrypted common key sent from the central management device by using a secret key of the router, said common key being encrypted by using a public key of the router; storing said common key after decryption in a storage unit of the router; encrypting communication data to be sent from a source terminal in a local area network system of the router to a destination terminal in another local area network system, or communication data to be sent from the router to the central management device, by using the common key stored in the storage unit; and sending the encrypted communication data to the other local area network or to the central management device.

[0027] According to the second aspect of the present invention as well, the same operation and effect can be obtained as those of the first aspect.

[0028] A central management device according to a third aspect of the present invention is a central management device connected to a plurality of local area network systems each having a router and a terminal which are connected to each other through a local area network, the central management device comprising: a management database for storing at least one common key, each public key assigned to each router and a public key assigned to said central management device, said at least one common key being used by each router to encrypt communication data to be communicated between a terminal of a local area network system and a terminal of another local area network system, or between each router and the central management device; and an encryption unit for encrypting the common key by using each public key assigned to each router, and sending the encrypted common key to each router.

[0029] A management method according to a third aspect of the present invention is a management method of a central management device connected to a plurality of local area network systems each having a router and a terminal which are connected to each other through a local area network, the management method comprising the steps of: storing in a management database and managing at least one common key, each public key assigned to each router and a public key assigned to said central management device, said at least one common key being used by each router to encrypt communication data to be communicated between a terminal in a local area network system and a terminal in another local area network system, or between a router and the central management device; encrypting the common key by using each public key assigned to each router; and sending the encrypted common key to each router.

[0030] A program product according to a third aspect of the present invention is a program product executed by a computer installed in a central management device connected to a plurality of local area network systems each having a router and a terminal which are connected to each other through a local area network, said program product comprising the steps of: storing in a management database and managing at least one common key, each public key assigned to each router and a public key assigned to said central management device, said at least one common key being used by each router to encrypt communication data to be communicated between a terminal in a local area network system and a terminal in another local area network system, or between a router and the central management device; encrypting the common key by using each public key assigned to each router; and sending the encrypted common key to each router.

[0031] According to the third aspect of the present invention, the central management device can centrally manage the common key used for encryption of the communication data communicated between local area network systems.

BRIEF DESCRIPTION OF THE DRAWINGS

[0032] FIG. 1 is a block diagram showing the overall configuration of a communication network system according to an embodiment of the present invention;

[0033] FIGS. 2, 3A, 3B, 4A and 4B show the data held by the management database;

[0034] FIGS. 5A to 5C show the data held by the router 5_1;

[0035] FIG. 6 is a flowchart showing the flow of processing when the source router that has received data from a subscription terminal sends the data to a subscription terminal 6 of the destination router;

[0036] FIG. 7 is a flowchart showing the flow of processing of the source router;

[0037] FIG. 8 is a flowchart showing the flow of processing of the central management device when the secret concealment terminal table, the public key/secret key table or the common key table of the management database is updated; and

[0038] FIG. 9 is a flowchart showing the flow of processing of the destination router when an updated table is sent from the central management device.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0039] Embodiments of the present invention will now be described. It is to be understood that the embodiments are given by way of example and are not intended to restrict the technical scope of the present invention.

[0040] FIG. 1 is a block diagram showing the overall configuration of a communication network system 10 according to an embodiment of the present invention. This communication network system 10 is the private network system of a corporation (Company A). The communication network system has a leased line network 1, a central management device 2, and a plurality (n, where n denotes any integer of 2 or more) of local area network systems 3_1 through 3_n.

[0041] The leased line network 1 is a communication network having a leased line supplied by a communication service company. Part of the public network may be allocated to this leased line.

[0042] The individual local area network systems 3_1 through 3_n are, for instance, intranets, each installed on the premises of the head office, a factory or a business office of Company A. Each of the local area network systems 3_1 through 3_n has a local area network or private network (for instance, an Ethernet LAN) 4_1 through 4_n, a router 5_1 through 5_n, and one or more terminals 6_11 through 6_1p, ..., 6_n1 through 6_nq (p and q are any integers of 1 or more).

[0043] Hereinafter, the individual local area network systems 3_1 through 3_n are generically called "local area network system 3", except where specific identification of a particular system is necessary. In the same manner, the private networks 4_1 through 4_n are generically called "local area network 4", the routers 5_1 through 5_n are generically called "router 5", and the terminals 6_11 through 6_1p, ..., 6_n1 through 6_nq are generically called "terminal 6", except where specific identification is needed.

[0044] Each of the routers 5 and the central management device 2 is connected to the leased line network 1, so that they can communicate with each other through the leased line network 1. Moreover, the router 5 and the terminals 6 installed in each local area network system 3 are connected to the local area network 4, so that they can communicate with each other through the local area network 4. In this embodiment, the data (messages) communicated through the leased line network 1 and the local area network 4 is transmitted as IP packets. The terminal 6 is, for instance, a personal computer or workstation used by the managers or employees of Company A, and is sometimes called a "client".

[0045] In some cases, a firewall may be connected to the leased line network 1 instead of the router 5. In such cases, the router 5 is connected to the firewall, and is connected to the leased line network 1 through the firewall.

[0046] Like the router 5, the central management device 2 is also installed on the premises of the corporation, and may be installed in a local area network system (any one of the local area network systems 3_1 through 3_n, or a different local area network system). A router or a firewall may serve as the central management device 2.

[0047] A management database 20, detailed later, is installed in the central management device 2. As detailed later, the management database 20 holds the information on whether encryption of the data (IP packets) communicated between the individual terminals 6 is necessary or not, and the information on the keys used for encryption, and centrally manages this information for the communication network system 10. A portion of the information contained in the management database 20 is given to each router 5 and used to encrypt and decrypt the data communicated between the terminals 6.

[0048] In the case where a terminal 6 (source terminal) in a certain local area network system 3 transmits data to a terminal 6 (destination terminal) in another local area network system 3, the data is transmitted to the leased line network 1 through the router 5 (source router) installed in the local area network system 3 of the source terminal, and from the leased line network 1 the data is further transmitted to the destination terminal via the router 5 (destination router) of the local area network system 3 having the destination terminal.

[0049] At this time, in this embodiment, the source router judges whether encryption of the data to be transmitted is necessary or not. This judgment is made based on the information given from the management database 20. If encryption is needed, the source router encrypts the data and sends it to the destination router.

[0050] On the other hand, the destination router judges whether decryption of the data sent from the source router is needed or not. This judgment is also made based on the information given from the management database 20. If decryption is needed, the destination router decrypts the data and sends the decrypted data to the destination terminal installed in the same local area network system.

[0051] As described above, in this embodiment, the messages communicated between different local area network systems 3 are encrypted and decrypted by the routers 5. By this function, illegal tapping, copying or alteration by a third party of the data communicated between the local area network systems 3 can be effectively prevented. Also, since the router judges whether encryption/decryption is necessary and encrypts/decrypts the data when it is, secret concealment of information is performed reliably, without depending on the user's awareness.

[0052] Note that messages communicated within the same local area network system 3 are, as in the conventional system, encrypted and decrypted by the encryption function installed in the mailer or browser of the individual terminal 6.

[0053] The following describes in detail the information held by the management database 20, the configuration of the router 5, and the encryption/decryption process.

[0054] FIGS. 2, 3A, 3B, 4A and 4B show the data held by the management database 20. The management database 20 holds a secret concealment terminal table (FIG. 2), a public key/secret key table (FIGS. 3A and 3B), and a common key table (FIGS. 4A and 4B). The manager of the communication network system 10, or the operator of the central management device 2, may enter these data into the management database 20.

[0055] In FIG. 2, the secret concealment terminal table has a field for the routers, a field for the subscription terminals (source/destination terminals), and a field for the partner terminals (destination/source terminals). It lists the combinations of two terminals (the subscription terminal and the partner terminal shown in FIG. 2) between which the data exchanged needs secret concealment, in other words encryption (and decryption), out of all the communication data exchanged between the terminals 6. In other words, when data is communicated between a subscription terminal and a partner terminal listed in this secret concealment terminal table, the data is encrypted and decrypted.

[0056] The field for the routers holds identification information identifying each router 5 on the communication network system 10. As the identification information, for example, the IP address of the router 5 is used. However, since this identification information may be any information that can identify each router 5 on the communication network system 10, a portion of the IP address or the name of each router 5 can also be used as this identification information.

[0057] The field for the subscription terminals holds identification information identifying the terminals 6 subscribed to the router 5 given in the routers field (in other words, the terminals directly connected to that router 5 through the local area network 4). For example, the terminals 6_11, 6_12, ..., 6_1p are subscribed to the router 5_1 and are directly connected to the router 5_1 through the local area network 4_1.

[0058] The field for the partner terminals holds identification information of the communicating partner terminal with which data exchanged by the terminal 6 given in the subscription terminal field needs secret concealment. For example, data communicated between the subscription terminal 6_11 and its partner terminal 6_21 or 6_25 must be secretly concealed (in other words, encrypted and decrypted).

[0059] The subscription terminal may be the source terminal and the partner terminal the destination terminal, or the reverse may be the case. In either case, the data communicated is secretly concealed.

[0060] As the identification information stored in the subscription terminal and partner terminal fields, for example, the IP address of the terminal 6 is used. However, as with the routers field, this identification information may be any information that can identify the individual terminal 6 on the communication network system 10, so a portion of the IP address or the name of the individual terminal 6 can be used.

[0061] Note that since the secret concealment terminal table is used to discriminate between data that needs secret concealment and data that does not, if the data communicated between all the terminals 6 needs secret concealment, the secret concealment terminal table need not be installed in the management database 20.

[0062] Referring to FIG. 3A, the public key/secret key table holds the combination of the public key and the secret key of the central management device 2, as well as the combination of the public key and the secret key of each router 5.

[0063] The field for the routers holds the identification information of the destination router (a router 5 or the central management device 2) to which data encrypted with the common key is sent. The field for the public keys holds the public key used to encrypt the common key that encrypts or decrypts the data sent to the destination router given in the routers field. The field for the secret keys holds the secret key that the destination router uses to decrypt the encrypted common key.

[0064] For example, the common key used to encrypt data sent from a certain router to the central management device 2 is encrypted with the public key Kpc of the central management device 2 and sent to the central management device 2. The central management device 2 decrypts the encrypted common key with its secret key Ksc. Similarly, the common key used to encrypt data sent to the router 5_1 from a router 5 other than the router 5_1, or from the central management device 2, is encrypted with the public key Kp1 of the router 5_1 and sent to the router 5_1. The router 5_1 decrypts the encrypted common key with its secret key Ks1. The same procedure applies to the public keys and secret keys of the other routers.

[0065] As shown in FIG. 3B, a public key/secret key pair can be provided individually for every partner router (in short, for every source router, whether a router 5 or the central management device 2). For example, when the router 5_1 sends data to the central management device 2, the router 5_1 encrypts the common key with the public key Kpc1 corresponding to the partner router 5_1, and the central management device 2 decrypts the common key with the secret key Ksc1 corresponding to the partner router 5_1. The same procedure applies to the public keys and secret keys of the other routers.

[0066] Referring to FIG. 4A, the common key table holds a plurality of common keys. Each router 5 and the central management device 2 selects any one key from the plurality of common keys and encrypts the message with it. The selection method is left to each router 5 and the central management device 2.

[0067] As shown in FIG. 4B, the common key table can also hold, in addition to the field for the common keys, the common key encryption method (common key encryption system) corresponding to each common key. For example, the encryption method M1 is used for the common key Kc1, and the encryption method M2 for the common key Kc2. The encryption method corresponding to each common key may be the same as, or different from, the methods corresponding to the other common keys. Common key encryption methods include DES (Data Encryption Standard), AES (Advanced Encryption Standard), etc.

[0068] Part of the data (tables) stored in the management database 20 is sent from the central management device 2 to each router 5 through the leased line network 1, and is stored in the internal memory (semiconductor memory, hard disk, etc.) of each router 5. In this communication, the data to be sent is encrypted with one of the common keys (see FIG. 4A or 4B) stored in the management database 20, and that common key, encrypted with the public key of the destination router 5, is attached to the encrypted data. The router 5 on the receiving side decrypts the encrypted common key with its own secret key, and then decrypts the encrypted data with the decrypted common key. The processing to send and receive this data is the same as the processing shown in the flowcharts of FIG. 8 and FIG. 9.
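The key distribution of [0064] and [0068] (claimed in [0018]), as an added example in Go that is not part of the original specification: the central management device wraps every entry of its common key table under each router's public key, and each router unwraps the copies addressed to it with its own secret key and stores them as its local common key table (FIG. 5C). The page does not name a public key method; RSA-OAEP, AES-GCM as the recorded common key method, the Go types, the router identifiers "5_1" and "5_2" and the function names are assumptions of this example. The table data that travels alongside the wrapped key in [0068] is not shown.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// RouterID is the routers field of the public key/secret key table (FIG. 3A);
// the page allows an IP address, part of it, or a name. Values here are constructed.
type RouterID string

// CommonKey is one entry of the common key table (FIG. 4B): the key and the
// common key encryption method it is used with.
type CommonKey struct {
	Method string
	Key    []byte
}

// ManagementDatabase holds the two tables the center needs for distribution.
type ManagementDatabase struct {
	RouterPublicKeys map[RouterID]*rsa.PublicKey
	CommonKeys       []CommonKey
}

func NewManagementDatabase() *ManagementDatabase {
	return &ManagementDatabase{RouterPublicKeys: map[RouterID]*rsa.PublicKey{}}
}

// RegisterRouter stores the public key assigned to a router. The matching secret
// key never leaves the router (FIG. 5B keeps only the router's own pair locally).
func (db *ManagementDatabase) RegisterRouter(id RouterID, pub *rsa.PublicKey) {
	db.RouterPublicKeys[id] = pub
}

// GenerateRouterKeyPair creates the public key/secret key pair assigned to one router.
func GenerateRouterKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// NewCommonKey draws a fresh common key of the given length in bytes.
func NewCommonKey(method string, size int) (CommonKey, error) {
	k := make([]byte, size)
	if _, err := rand.Read(k); err != nil {
		return CommonKey{}, err
	}
	return CommonKey{Method: method, Key: k}, nil
}

// WrapCommonKey is the central-side encryption unit of [0018]: the common key is
// encrypted under the destination router's public key. The method name is bound
// as the OAEP label, so a key wrapped for one method cannot be unwrapped for another.
func WrapCommonKey(pub *rsa.PublicKey, ck CommonKey) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, ck.Key, []byte(ck.Method))
}

// UnwrapCommonKey is the first router-side decryption unit: only the holder of
// the matching secret key recovers the common key.
func UnwrapCommonKey(priv *rsa.PrivateKey, method string, wrapped []byte) (CommonKey, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte(method))
	if err != nil {
		return CommonKey{}, err
	}
	return CommonKey{Method: method, Key: key}, nil
}

// WrappedEntry is one common key table entry as it travels to a router.
type WrappedEntry struct {
	Method  string
	Wrapped []byte
}

// DistributeCommonKeys is the center's part of the update of FIG. 8: each common
// key is wrapped separately under every router's public key.
func DistributeCommonKeys(db *ManagementDatabase) (map[RouterID][]WrappedEntry, error) {
	out := map[RouterID][]WrappedEntry{}
	for id, pub := range db.RouterPublicKeys {
		for _, ck := range db.CommonKeys {
			w, err := WrapCommonKey(pub, ck)
			if err != nil {
				return nil, fmt.Errorf("wrapping for router %s: %w", id, err)
			}
			out[id] = append(out[id], WrappedEntry{Method: ck.Method, Wrapped: w})
		}
	}
	return out, nil
}

// ReceiveCommonKeys is the router's part of FIG. 9: every entry is unwrapped with
// the router's secret key and kept as the local common key table (FIG. 5C).
func ReceiveCommonKeys(priv *rsa.PrivateKey, entries []WrappedEntry) ([]CommonKey, error) {
	table := make([]CommonKey, 0, len(entries))
	for _, e := range entries {
		ck, err := UnwrapCommonKey(priv, e.Method, e.Wrapped)
		if err != nil {
			return nil, err
		}
		table = append(table, ck)
	}
	return table, nil
}

func main() {
	r1, _ := GenerateRouterKeyPair()
	db := NewManagementDatabase()
	db.RegisterRouter("5_1", &r1.PublicKey)
	ck, _ := NewCommonKey("AES-GCM", 32)
	db.CommonKeys = []CommonKey{ck}
	dist, _ := DistributeCommonKeys(db)
	table, err := ReceiveCommonKeys(r1, dist["5_1"])
	fmt.Println(len(table), err)
}
```

Two points worth keeping in mind when reading this against the page. The wrapping protects the common key only while it crosses the leased line, which is the exposure [0009] is concerned with; since every router ends up holding the same common keys, a router whose secret key or stored table is compromised exposes the traffic of all routers, not just its own. And of the two methods the page names in [0067], DES should not be chosen for new deployments; the example only accepts AES.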

[0069] FIGS. 5A to 5C show the data held by the router 5_1, taking the router 5_1 as an example of the routers 5. FIG. 5A shows the secret concealment terminal table, FIG. 5B the public key/secret key table, and FIG. 5C the common key table.

[0070] Referring to FIG. 5A, the secret concealment terminal table held by the router 5_1 contains only the portion of the secret concealment terminal table held by the management database 20 (see FIG. 2) whose routers field concerns the router 5_1. In other words, the secret concealment terminal table held by the router 5_1 contains only the correspondence between the subscription terminals of the router 5_1 and their partner terminals.

[0071] Referring to FIG. 5B, the public key/secret key table held by the router 5_1 holds, out of the public key/secret key table held by the management database 20 (see FIG. 3A), only its own public key and secret key (those of the router 5_1), and only the public keys of the other routers 5 and of the central management device 2. In the case where the public key/secret key table is as shown in FIG. 3B, the public key/secret key table held by the router 5_1 can likewise be provided for every partner router, as described above.

[0072] As referred to FIG. 5C, the common key table held by the router 5₁ is the same as the table held by the management database 20 (see FIG.4A or 4B).

[0073] The tables held by other routers 5 ₂ through 5 _(n) are the sameas the table held by the router 5 ₁.

[0074] In addition to these tables, each router 5 have, needless to say,the data that general routers held, like a routing table for controllingroutes, etc., since they are routers.

[0075] Each of the routers 5 encrypts and decrypts the communicationdata, based on such tables as described above, and performs routing ofthe encrypted data and distribute the data to the subscriptionterminals. FIG. 6 is a flowchart showing the flow of processing when thesource router that received the data from the subscription terminal 6(source terminal) is to send the data to the subscription terminal 6(destination terminal) of the destination router.

[0076] When a source router receives data (an IP packet) from a source terminal directly connected to it through the local area network 4 (YES at step S1), the source router judges whether the data is subject to secret concealment (encryption) or not (step S2).

[0077] This judgment is made by comparing the IP address of the source terminal and the IP address of the destination terminal contained in the header portion of the data with the secret concealment terminal table (see FIG. 5A) stored in the router. If the combination of the source terminal's IP address and the destination terminal's IP address is in the secret concealment terminal table, the data is judged as being subject to secret concealment; if not, the data is judged as not being subject to secret concealment.

[0078] When the data is judged as being subject to secret concealment (YES at step S2), the source router identifies the destination router from the routing table, and selects the public key of the identified destination router from the public key/secret key table (see FIG. 5B) stored in the router (step S3).

[0079] Next, the source router selects the common key for encrypting the data from the common key table (see FIG. 5C) stored in the router (step S4), and encrypts the data (in this embodiment, only the data portion of the IP packet) using the selected common key (step S5).

[0080] Then, using the public key selected at step S3, the source router encrypts the common key used for encrypting the data portion (step S6), and adds the encrypted common key to the data portion of the IP packet (step S7). The position in the data portion at which the encrypted common key is added has been agreed in advance between the source router and the destination router; for example, the encrypted common key may be added at the head or at the rear of the data portion.

[0081] Next, the source router alters the header portion of the IP packet to reflect the addition of the encrypted common key to the data portion (step S8). In the case of IPv4, the points to be altered are the header length, the overall length, the ID and the flag fields of the header portion. Each of these values is changed to the value that applies after the encrypted common key was added.
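Paragraph [0081] names the IPv4 header fields that change once the encrypted common key has been added to the data portion. The Go functions below are an added illustration, not code from the patent: they rewrite the overall (total) length field for a data portion that has grown at step S8 or been restored at step S17 and, because any change to an IPv4 header invalidates its checksum, recompute the header checksum as well. The ID and flag handling that the paragraph also mentions is not modelled, and the header used in the usage is a constructed sample.

```go
package main

import (
	"encoding/binary"
	"errors"
)

// ipv4Checksum is the RFC 791 header checksum: the ones' complement of the ones'
// complement sum of the header's 16-bit words, with the checksum field taken as zero.
func ipv4Checksum(hdr []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(hdr); i += 2 {
		if i == 10 { // offset of the checksum field itself
			continue
		}
		sum += uint32(binary.BigEndian.Uint16(hdr[i:]))
	}
	for sum>>16 != 0 { // fold carries back into the low 16 bits
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// AdjustTotalLength returns a copy of an IPv4 header whose total-length field
// accounts for a data portion of dataLen bytes (grown at S8 by the encrypted
// common key, shrunk back at S17), with the header checksum recomputed.
func AdjustTotalLength(hdr []byte, dataLen int) ([]byte, error) {
	if len(hdr) < 20 || hdr[0]>>4 != 4 {
		return nil, errors.New("not an IPv4 header")
	}
	ihl := int(hdr[0]&0x0f) * 4 // header length in bytes (IHL counts 32-bit words)
	if ihl < 20 || len(hdr) < ihl {
		return nil, errors.New("bad IHL")
	}
	if ihl+dataLen > 0xffff {
		return nil, errors.New("packet would exceed the 16-bit total length")
	}
	out := append([]byte(nil), hdr[:ihl]...)
	binary.BigEndian.PutUint16(out[2:], uint16(ihl+dataLen))
	binary.BigEndian.PutUint16(out[10:], ipv4Checksum(out))
	return out, nil
}
```

A destination router that performs step S17 should also check that the total length it reads from the header agrees with the bytes actually received before it extracts the encrypted common key; a mismatch means the packet was truncated or altered in transit and should be dropped rather than decrypted.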

[0082] Then, the source router transmits the IP packet to the destination router through the leased line network 1 (step S9), after which processing returns to step S1. If the IP packet transmitted from the source router passes through one or more relay routers (any of the routers 5) before it arrives at the destination router, these relay routers route the IP packet on the basis of their routing tables, like general relay routers on the Internet.

[0083] If at step S2 the data is judged as not being subject to secret concealment (NO at step S2), processing proceeds to step S9, and the data is sent from the source router "as is", without undergoing encryption.

[0084] If all data is subject to encryption, the processing at step S2 is omitted.

[0085] FIG. 7 is a flowchart showing the flow of processing of the destination router. When the destination router receives the data (IP packet) from the source router (step S11), the destination router judges whether the received data is subject to secret concealment or not (step S12). Like the judgment at step S2 described above, this judgment is made by comparing the source address (IP address) and the destination address (IP address) contained in the header portion of the IP packet with the secret concealment terminal table (see FIG. 5A) stored in the router.

[0086] If the data is judged as being subject to secret concealment (YES at step S12), the destination router selects its own secret key from the public key/secret key table (see FIG. 5B) stored in the router (step S13).

[0087] Next, the destination router extracts the encrypted common key from the data portion of the data (IP packet) (step S14). As described above, because the position at which the encrypted common key was added has been determined in advance between the routers, the destination router extracts the encrypted common key from that predetermined position.

[0088] Then, the destination router decrypts the extracted common key with the secret key selected at step S13 (step S15), and decrypts the data portion with the common key obtained by that decryption (step S16). As shown in FIG. 4B, if a specific encryption method is specified for the common key, the destination router selects the encryption method corresponding to the common key from the common key table stored in the router, and decrypts the data portion based on the common key and the selected encryption method.

[0089] Next, the destination router makes the necessary alteration of the header portion of the IP packet (in other words, returns the header portion to its original state before encryption) to reflect the decryption of the data portion and the removal of the common key from the data portion (step S17).

[0090] After that, the destination router sends the restored IP packet to the destination terminal (subscription terminal) directly connected to it through the local area network 4 (step S18). Processing then returns to step S11.

[0091] If at step S12 the data is judged as not being subject to secret concealment (NO at step S12), processing proceeds to step S18, and the data is sent to the terminal "as is", without undergoing decryption.

[0092] Correspondingly, if all data is subject to decryption, the processing at step S12 is omitted.

[0093] As described above, in this embodiment, because the router 5 encrypts and decrypts the data based on the predetermined secret concealment terminal table, information (such as confidential internal information closed to outsiders) can be effectively protected from illegal tapping, copying, alteration, etc. by a third party, even if the user of the terminal 6 is not specifically conscious of secret concealment.

[0094] Next, the processing for updating the table stored in each router when the table stored in the management database 20 has been updated will be described.

[0095] Since the central management device 2 and the management database 20 collectively manage the information required for encryption and decryption in the communication network system 10, if any change arises in that information, the information contained in the management database 20 is updated first.

[0096] The management database 20 must be updated in cases such as the following: where a terminal 6 is newly added to a certain local area network system 3; where an existing terminal 6 is removed from a certain local area network system 3; where a new local area network system 3 is added to the communication network system 10; where an existing local area network system 3 is removed from the communication network system 10; or where any addition, alteration or deletion takes place in the public keys, secret keys or common keys.

[0097] For example, when a new terminal 6 is added to a certain local area network system 3, the information concerning the newly added terminal is added to the secret concealment terminal table (see FIG. 2). When a new local area network system 3 is added, the information concerning the router 5 and the terminal 6 of the newly added local area network system 3 is added to the secret concealment terminal table, and the information (public key and secret key) concerning the router 5 of the newly added local area network system 3 is added to the public key/secret key table (see FIG. 3A or 3B). When any change takes place in a public key or a secret key, the public key/secret key table is changed, and when any change takes place in a common key (or encryption method), the common key table (FIG. 4A or 4B) is changed.

[0098] Moreover, in addition to these cases, it is preferable to update the database periodically, so as to avoid keeping the management database 20 in the same state for a long period of time and to enhance security.

[0099] The manager of the communication network system 10, or the operator of the central management device 2, updates the management database 20 by operating the central management device 2.

[0100] When the management database 20 is updated, the updated portion is sent to each router that needs updating, so that each router can reflect the updated management database 20 in the table stored in the router. FIG. 8 is a flowchart showing the flow of processing of the central management device 2 when the secret concealment terminal table, the public key/secret key table, or the common key table of the management database 20 is updated.

[0101] First, the central management device 2 generates the table for the router to which the updated table is to be sent (the destination router) (step S21).

[0102] Next, the central management device 2 selects the public key of the destination router from the public key/secret key table (step S22). At this point, if the public key/secret key table has already been updated, the public key/secret key table from which the public key is selected should preferably be in its state before the update (in other words, the public key to be selected should preferably be the key before the update). This is because the destination router, which receives the updated public key/secret key table, receives the updated public key/secret key, and performs decryption using its secret key from before the update until the update of its own data completes. Therefore, the management database 20 preferably needs to hold the data from before the update temporarily, until the update of the data stored in each router completes.

[0103] Then, the central management device 2 selects the common key of the destination router from the common key table (step S23). At this point, as with the public key/secret key table described above, if the common key table has already been updated, the common key table from which the common key is selected should preferably be the table before the update (in other words, the common key to be selected should preferably be the key before the update).

[0104] Next, the central management device 2 encrypts the data portion of the IP packet created from the table prepared at step S21 with the common key selected at step S23 (step S24). When the prepared table is divided into a plurality of IP packets, the data portion of each IP packet is encrypted using the common key.

[0105] Then, the central management device 2 encrypts the common key with the public key selected at step S22 (step S25).

[0106] Next, as in the processing at step S7 shown in FIG. 6 described above, the central management device 2 adds the encrypted common key to the data portion of the IP packet (step S26). With this addition, the header portion of the IP packet is changed accordingly. When the table is sent after being divided into a plurality of IP packets, it is preferable to add the encrypted common key to the head of the IP packets.

[0107] Then, the central management device 2 sends the encrypted table and common key to the destination router (step S27).

[0108] On the other hand, when the updated table is sent, the destination router updates its own stored data with this table. FIG. 9 is a flowchart showing the flow of processing of the destination router when the updated table is sent from the central management device 2.

[0109] Upon receiving the encrypted table and common key from the central management device 2 (step S31), the destination router selects its secret key (step S32), and decrypts the encrypted common key with the selected secret key (step S33). At this point, even if the table sent from the central management device 2 is a public key/secret key table and this public key/secret key table has been updated, the secret key selected at step S32 is the key already stored in the destination router (in other words, the secret key from before the update).

[0110] Then, the destination router decrypts the table with the common key (step S34). If the table was divided into a plurality of IP packets for sending, the data portion of each IP packet is decrypted and the decrypted data portions are concatenated to reconstruct the table.

[0111] Next, the destination router replaces (updates) its own stored table with the decrypted table (step S35). With this, the update of the destination router's table is complete.
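The source-router flow of FIG. 6 ([0076] to [0084]), the destination-router flow of FIG. 7 ([0085] to [0092]) and the table update of FIGS. 8 and 9 ([0100] to [0111]) all rest on the same envelope: the data portion is encrypted under the common key, the common key is encrypted under the receiver's public key, and the encrypted common key is placed at a position agreed between the two sides. The Go program below is an added example written for this page; it is not code from the patent or from any product it describes. Its cipher choices (AES-GCM for the common key, RSA-OAEP for wrapping it) and the 2-byte length prefix in front of the wrapped key are assumptions, since the patent leaves the encryption method open and only requires that the position of the encrypted common key be agreed in advance. The `Router` type holds the tables of FIGS. 5A to 5C; `ApplyUpdate` models the point made in [0102] and [0109] that an update is sealed under the public key the router already holds.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Pair is one row of the secret concealment terminal table (FIG. 5A).
type Pair struct{ Src, Dst string }

// Router holds the per-router tables of FIGS. 5A to 5C.
type Router struct {
	Conceal map[Pair]bool   // terminal pairs whose traffic must be encrypted
	Key     *rsa.PrivateKey // own public key / secret key pair (FIG. 5B)
	Common  []byte          // common key (FIG. 5C); 16 bytes selects AES-128
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal is steps S5 to S7: encrypt the payload under the common key, wrap the common key
// under the receiver's public key, and put the wrapped key at the head of the data portion
// behind a 2-byte length (the agreed position of [0080]; the length prefix is an assumption).
func seal(pub *rsa.PublicKey, common, payload []byte) ([]byte, error) {
	gcm, err := gcmFor(common)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, common, nil)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, err
	}
	out := binary.BigEndian.AppendUint16(nil, uint16(len(wrapped)))
	out = append(append(out, wrapped...), nonce...)
	return gcm.Seal(out, nonce, payload, nil), nil
}

// open is steps S14 to S16: take the wrapped key from the agreed position, recover the
// common key with the router's own secret key, then decrypt the payload with it.
func open(priv *rsa.PrivateKey, data []byte) (payload, common []byte, err error) {
	if len(data) < 2 || len(data) < 2+int(binary.BigEndian.Uint16(data)) {
		return nil, nil, errors.New("data portion too short for the wrapped key")
	}
	n := 2 + int(binary.BigEndian.Uint16(data))
	if common, err = rsa.DecryptOAEP(sha256.New(), nil, priv, data[2:n], nil); err != nil {
		return nil, nil, err // wrong secret key, or the wrapped key was altered in transit
	}
	gcm, err := gcmFor(common)
	if err != nil || len(data[n:]) < gcm.NonceSize() {
		return nil, nil, errors.New("unusable common key or truncated data portion")
	}
	ns := gcm.NonceSize()
	payload, err = gcm.Open(nil, data[n:n+ns], data[n+ns:], nil)
	return payload, common, err
}

// Send is the source router's flow of FIG. 6 for the data portion of one packet from
// terminal src to terminal dst; dstPub is the destination router's public key (S3).
func (r *Router) Send(src, dst string, data []byte, dstPub *rsa.PublicKey) ([]byte, error) {
	if !r.Conceal[Pair{src, dst}] { // S2: pair not in the table; S9: forwarded "as is"
		return data, nil
	}
	return seal(dstPub, r.Common, data) // S4 to S7; the IP header is then altered (S8)
}

// Receive is the destination router's flow of FIG. 7 for the same data portion.
func (r *Router) Receive(src, dst string, data []byte) ([]byte, error) {
	if !r.Conceal[Pair{src, dst}] { // S12; S18: delivered "as is"
		return data, nil
	}
	payload, _, err := open(r.Key, data) // S13 to S16; the header is then restored (S17)
	return payload, err
}

// ApplyUpdate is FIG. 9 for a new common key: the centre sealed it under the router's
// current public key ([0102]), so the secret key already held opens it before S35 replaces it.
func (r *Router) ApplyUpdate(env []byte) error {
	newCommon, _, err := open(r.Key, env)
	if err == nil {
		r.Common = newCommon
	}
	return err
}
```

Two properties of this arrangement are worth checking when reviewing an implementation. First, because the wrapped common key travels with every packet, a router that has already replaced its common key after step S35 can still open packets sealed under the previous key, which is what allows the update to be rolled out one router at a time. Second, the patent lists alteration by a third party among the threats ([0093]); a plain block cipher only conceals the data portion, so the example uses an authenticated mode (AES-GCM) and `Receive` reports an error for a packet whose data portion was changed in transit or whose wrapped key does not open under the router's secret key, and such packets should be dropped rather than forwarded.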

[0112] As described above, in this embodiment, the central management device 2 and the management database 20 collectively manage the secret concealment terminal table, the public key/secret key table and the common key table, and when these are updated, the updated information is sent from the central management device 2 to each router 5 so that the data held by each router 5 is updated. Therefore, the user of the terminal 6 is relieved of troublesome work such as managing keys and judging whether data needs to be encrypted or decrypted. Also, if any change takes place in the communication network system 10, the change can be dealt with flexibly.

[0113] In the embodiments described above, encryption is normally performed on an IP packet-by-packet basis; however, it is also possible to encrypt the entire data in advance and send the encrypted data after dividing it into IP packets. Also, if the destination router already knows the common key used by the source router, it may be unnecessary to encrypt this common key with the public key and send it to the destination router.

[0114] In addition, the processing given in each flowchart shown in FIG. 5 through FIG. 9 can be described by a program to be integrated into the router 5 or the central management device 2, or can be implemented by a hardware circuit.

[0115] It is to be noted that the second source terminal and the first destination terminal can be the same or different terminals. In the same manner, the second destination terminal and the first source terminal can be the same or different terminals.

[0116] According to the present invention, even if the user of an individual terminal is not specifically conscious of secret concealment of the data communicated between the local area network systems, the data that needs encryption is sent after being encrypted, and is decrypted at the receiving side and distributed. By this function, the data communicated between the local area network systems can be secretly concealed.

[0117] Moreover, according to the present invention, the central management device can collectively manage the information (common key, public key, secret key, etc.) required for secret concealment of the data communicated between the local area network systems. By this feature, each user, router, etc. is no longer required to individually manage the information for secret concealment, and the feature also enables the user to deal flexibly with any change in the communication network system.

What is claimed is:

1. A communication network system having a central management device and a plurality of local area network systems, said central management device and said plurality of local area network systems being connected to each other, each of the plurality of local area network systems having a router and a terminal which are connected to each other via a local area network, said central management device comprising: a management database for storing at least one common key, each public key assigned to each router and a public key assigned to the central management device; and a central-side encryption unit for encrypting the common key by using each public key assigned to each router, and sending the encrypted common key to each router; said router comprising: a first router-side decryption unit for decrypting the encrypted common key sent from said central-side encryption unit by using a secret key of the router; a storage unit for storing the common key after decryption by said first router-side decryption unit; and a router-side encryption unit for encrypting communication data to be sent from a first source terminal in a local area network system of the router to a first destination terminal in another local area network system, or communication data to be sent from the router to the central management device, by using the common key stored in said storage unit, and sending the encrypted communication data to another local area network or the central management device.

2. The communication network system according to claim 1, wherein said central-side encryption unit encrypts the public keys and sends said encrypted public keys to each router, said first router-side decryption unit decrypts the encrypted public keys sent from the central-side encryption unit by using the secret key of the router, said storage unit stores the public keys after decryption by said first router-side decryption unit, and said router-side encryption unit selects the public key for a router of another local area network system or the central management device to be a destination from the public keys stored in the storage unit, encrypts the common key by using the selected public key, and sends the encrypted common key to another local area network or the central management device, together with the encrypted communication data.

3. The communication network system according to claim 1, wherein said management database further stores secret concealment terminal data indicating a combination of one terminal in one of the plurality of local area network systems and another terminal in another of the plurality of local area network systems, data communicated between one and another terminals of said combination being required to be encrypted; said central-side encryption unit encrypts the secret concealment terminal data by using each public key assigned to each router, and sends the encrypted secret concealment terminal data to each router, said first router-side decryption unit decrypts the encrypted secret concealment terminal data sent by the central-side encryption unit by using the secret key of the router, said storage unit stores the secret concealment terminal data after decryption, and said router-side encryption unit encrypts the communication data if the combination of the first source terminal and the first destination terminal is contained in the secret concealment terminal data.

4. The communication network system according to claim 1, wherein said router further comprises: a second router-side decryption unit for decrypting data sent from a second source terminal in another local area network system to a second destination terminal in the local area network system of the router, and sending the data after decryption to said second destination terminal.

5. The communication network system according to claim 4, wherein said management database further stores secret concealment terminal data indicating a combination of one terminal in one of the plurality of local area network systems and another terminal in another of the plurality of local area network systems, data communicated between one and another terminals of said combination being required to be encrypted, said central-side encryption unit encrypts said secret concealment terminal data by using each public key assigned to each router, and sends the encrypted secret concealment terminal data to each router, said first router-side decryption unit decrypts the encrypted secret concealment terminal data sent by the central-side encryption unit, by using the secret key of the router, said storage unit stores the secret concealment terminal data after decryption, and said second router-side decryption unit decrypts the communication data if the combination of the second source terminal and the second destination terminal is contained in the secret concealment terminal data.

6. The communication network system according to claim 1, wherein if the common key stored in the management database is updated, said central-side encryption unit encrypts the updated common key and sends the updated and encrypted common key, and said first router-side decryption unit decrypts the updated and encrypted common key, and said storage unit substitutes the already stored common key by the updated common key after decryption, for storage.

7. The communication network system according to claim 2, wherein if the public key stored in the management database is updated, said central-side encryption unit encrypts the updated public key and sends the updated and encrypted public key, and said first router-side decryption unit decrypts the updated and encrypted public key, and said storage unit substitutes the already stored public key by the updated public key after decryption, for storage.

8. The communication network system according to claim 3, wherein if said secret concealment terminal data stored in the management database is updated, said central-side encryption unit encrypts the updated secret concealment terminal data and sends the updated and encrypted secret concealment terminal data, and said first router-side decryption unit decrypts the updated and encrypted secret concealment terminal data, and said storage unit substitutes the already stored secret concealment terminal data by the updated secret concealment terminal data after decryption, for storage.

9. The communication network system according to claim 5, wherein if said secret concealment terminal data stored in the management database is updated, said central-side encryption unit encrypts the updated secret concealment terminal data and sends the updated and encrypted secret concealment terminal data, and said first router-side decryption unit decrypts the updated and encrypted secret concealment terminal data, and said storage unit substitutes the already stored secret concealment terminal data by the updated secret concealment terminal data after decryption, for storage.

10. A communication method in a communication network system having a central management device and a plurality of local area network systems, said central management device and said plurality of local area network systems being connected to each other, each of the plurality of local area network systems having a router and a terminal which are connected to each other via a local area network, comprising steps of: in said central management device, encrypting at least one common key stored in a management database in advance by using each public key assigned to each router, each public key being stored in said management database in advance; and sending the encrypted common key to each router; and in said router, decrypting the encrypted common key sent from the central management device by using a secret key of the router; encrypting communication data to be sent from a source terminal in a local area network system of the router to a destination terminal in another local area network system, or communication data to be sent from the router to the central management device by using the common key; and sending the encrypted communication data to another local area network or the central management device.

11. A router disposed in each of a plurality of local area network systems which are connected to a central management device, the router being connected via a local area network to a terminal disposed in each of the plurality of local area network systems, the router comprising: a decryption unit for decrypting an encrypted common key sent from said central management device, by using a secret key for said router, said common key being encrypted by using a public key for the router; a storage unit for storing said common key after decryption by said decryption unit; and an encryption unit for encrypting communication data to be sent from a source terminal in a local area network system of said router to a destination terminal in another local area network system, or communication data to be sent from said router to the central management device, by using the common key stored in said storage unit, and sending the encrypted communication data to another local area network or the central management device.

12. A communication method of a router in each of a plurality of local area network systems which are connected to a central management device, said router being connected to a terminal via a local area network, comprising steps of: decrypting an encrypted common key sent from said central management device by using a secret key for said router, said common key being encrypted by using a public key for said router; storing the common key after decryption in a storage unit in the router; encrypting communication data to be sent from a source terminal in a local area network system of the router to a destination terminal in another local area network system, or communication data to be sent from the router to the central management device, by using the common key stored in the storage unit; and sending the encrypted communication data to another local area network or to the central management device.

13. A program product executed by a router disposed in each of a plurality of local area network systems which are connected to a central management device, the router being connected via a local area network to a terminal disposed in each of the plurality of local area network systems, said program product comprising steps of: decrypting an encrypted common key sent from the central management device by using a secret key of the router, said common key being encrypted by using a public key of the router; storing said common key after decryption in a storage unit of the router; encrypting communication data to be sent from a source terminal in a local area network system of the router to a destination terminal in another local area network system, or communication data to be sent from the router to the central management device, by using the common key stored in the storage unit; and sending the encrypted communication data to another local area network or to the central management device.

14. A central management device connected to a plurality of local area network systems each having a router and a terminal which are connected to each other through a local area network, the central management device comprising: a management database for storing at least one common key, each public key assigned to each router and a public key assigned to said central management device, said at least one common key being used by each router to encrypt communication data to be communicated between a terminal of a local area network system and a terminal of another local area network system, or between each router and the central management device; and an encryption unit for encrypting the common key by using each public key assigned to each router, and sending the encrypted common key to each router.

15. A management method of a central management device connected to a plurality of local area network systems each having a router and a terminal which are connected to each other through a local area network, the management method comprising steps of: storing in a management database and managing at least one common key, each public key assigned to each router and a public key assigned to said central management device, said at least one common key being used by each router to encrypt communication data to be communicated between a terminal in a local area network system and a terminal in another local area network system, or between a router and the central management device; encrypting the common key by using each public key assigned to each router; and sending the encrypted common key to each router.

16. A program product executed by a computer installed in a central management device connected to a plurality of local area network systems each having a router and a terminal which are connected to each other through a local area network, said program product comprising steps of: storing in a management database and managing at least one common key, each public key assigned to each router and a public key assigned to said central management device, said at least one common key being used by each router to encrypt communication data to be communicated between a terminal in a local area network system and a terminal in another local area network system, or between a router and the central management device; encrypting the common key by using each public key assigned to each router; and sending the encrypted common key to each router.